121 lines
3.2 KiB
Bash
121 lines
3.2 KiB
Bash
#!/bin/sh -e
|
||
#
|
||
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
||
#
|
||
# This file is part of cdist.
|
||
#
|
||
# cdist is free software: you can redistribute it and/or modify
|
||
# it under the terms of the GNU General Public License as published by
|
||
# the Free Software Foundation, either version 3 of the License, or
|
||
# (at your option) any later version.
|
||
#
|
||
# cdist is distributed in the hope that it will be useful,
|
||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
# GNU General Public License for more details.
|
||
#
|
||
# You should have received a copy of the GNU General Public License
|
||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||
#
|
||
# Determines the current state of the config option.
|
||
# Possible output:
|
||
# - present: "should" option present in config file
|
||
# - default: the "should" option is the default -> don’t know if present
|
||
# - absent: no such option present in config file
|
||
#
|
||
|
||
joinlines() { sed -n -e H -e "\${x;s/^\\n//;s/\\n/${1:?}/g;p;}"; }
|
||
trlower() { tr '[:upper:]' '[:lower:]'; }
|
||
tolower() { printf '%s' "$*" | trlower; }
|
||
|
||
default_value() {
|
||
sshd -T -f /dev/null -C "$(make_conn_spec)" \
|
||
| sed -n -e 's/^'"$(tolower "${1:?}")"'[[:blank:]]\{1,\}//p'
|
||
}
|
||
|
||
make_conn_spec() {
|
||
if test -s "${__object:?}/parameter/match"
|
||
then
|
||
_match_file="${__object:?}/parameter/match"
|
||
else
|
||
_match_file='/dev/null'
|
||
fi
|
||
|
||
for _kw in \
|
||
addr=Address \
|
||
user=User \
|
||
host=Host \
|
||
laddr=LocalAddress \
|
||
lport=LocalPort \
|
||
rdomain=RDomain
|
||
do
|
||
_specname=${_kw%%=*}
|
||
_confname=$(tolower "${_kw#*=}")
|
||
while read -r _k _v
|
||
do
|
||
if test "$(tolower "${_k}")" = "${_confname}"
|
||
then
|
||
printf '%s=%s\n' "${_specname}" "${_v}"
|
||
continue 2
|
||
fi
|
||
done <"${_match_file}"
|
||
|
||
# NOTE: Print test spec even for empty keys to suppress errors like:
|
||
# 'Match User' in configuration but 'user' not in connection test specification.
|
||
# except lport:
|
||
# Invalid port '' in test mode specification lport=
|
||
test "${_specname}" = 'lport' || printf '%s=\n' "${_specname}"
|
||
done \
|
||
| joinlines ','
|
||
unset _match_file
|
||
}
|
||
|
||
sshd_config_file=$(cat "${__object:?}/parameter/file")
|
||
state_should=$(cat "${__object:?}/parameter/state")
|
||
|
||
if test -s "${__object:?}/parameter/option"
|
||
then
|
||
option_name=$(cat "${__object:?}/parameter/option")
|
||
else
|
||
option_name=${__object_id:?}
|
||
fi
|
||
|
||
value_should=$(cat "${__object:?}/parameter/value" 2>/dev/null) \
|
||
|| test "${state_should}" = absent || exit 0 # param optional if --state absent
|
||
|
||
command -v sshd >/dev/null 2>&1 || {
|
||
echo 'Cannot find sshd.' >&2
|
||
exit 1
|
||
}
|
||
|
||
test -e "${sshd_config_file}" || {
|
||
echo 'absent'
|
||
exit 0
|
||
}
|
||
|
||
value_is=$(
|
||
sshd -T -f "${sshd_config_file}" -C "$(make_conn_spec)" \
|
||
| sed -n -e 's/^'"$(tolower "${option_name}")"'[[:blank:]]\{1,\}//p')
|
||
|
||
if printf '%s\n' "${value_is}" | {
|
||
if test -n "${value_should}"
|
||
then
|
||
grep -q -x -F "${value_should}"
|
||
else
|
||
# if no value provided, assume "any" value
|
||
grep -q -e .
|
||
fi
|
||
}
|
||
then
|
||
if default_value "${option_name}" | grep -q -x -F "${value_is}"
|
||
then
|
||
# Might produce false positives for default values.
|
||
# TODO: Manual checking should be done, but for simplicity, this case is
|
||
# currently ignored here.
|
||
echo default
|
||
else
|
||
echo present
|
||
fi
|
||
else
|
||
echo absent
|
||
fi
|